Re: [squid-users] Re: ONLY Cache certain Websites.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 12 Aug 2014 21:38:32 +1200

On 12/08/2014 7:57 a.m., nuhll wrote:
> Thanks for your help.
>
> But I go crazy. =)
>
> Internet is slow as fuck. I don't see any errors in the logs. And some
> services (Battle.net) are not working.
>
> /etc/squid3/squid.conf
> debug_options ALL,1 33,2
> acl domains_cache dstdomain "/etc/squid/lists/domains_cache"
> cache allow domains_cache
> acl localnet src 192.168.0.0
> acl all src all
> acl localhost src 127.0.0.1
> cache deny all
>
> #access_log daemon:/var/log/squid/access.test.log squid
>
> http_port 192.168.0.1:3128 transparent
>
> cache_dir ufs /daten/squid 100000 16 256
>
> range_offset_limit 100 MB windowsupdate
> maximum_object_size 6000 MB
> quick_abort_min -1
>
>
> # Add one of these lines for each of the websites you want to cache.
>
> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000
> reload-into-ims
>
> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 432000 reload-into-ims
>
> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000
> reload-into-ims
>
> #kaspersky update
> refresh_pattern -i
> geo.kaspersky.com/.*\.(cab|dif|pack|q6v|2fv|49j|tvi|ez5|1nj|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
> 4320 80% 432000 reload-into-ims
>
> #nvidia updates
> refresh_pattern -i
> download.nvidia.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 432000 reload-into-ims
>
> #java updates
> refresh_pattern -i
> sdlc-esd.sun.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 432000 reload-into-ims
>
> # DONT MODIFY THESE LINES
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> #kaspersky update
> acl kaspersky dstdomain geo.kaspersky.com
>
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
>
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
>
> http_access allow kaspersky localnet
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet
>
> #test
> http_access allow localnet
> http_access allow all
> http_access allow localhost
>
>
> /etc/squid/lists/domains_cache
> microsoft.com
> windowsupdate.com
> windows.com
> #nvidia updates
> download.nvidia.com
>
> #java updates
> sdlc-esd.sun.com
> #kaspersky
> geo.kaspersky.com
>
> /var/log/squid3/access.log
> 1407786051.567 17909 192.168.0.125 TCP_MISS/000 0 GET
> http://dist.blizzard.com.edgesuite.net/hs-pod/beta/EU/4944.direct/base-Win-deDE.MPQ
> - DIRECT/dist.blizzard.com.edgesuite.net -
> 1407786051.567 17909 192.168.0.125 TCP_MISS/000 0 GET
> http://llnw.blizzard.com/hs-pod/beta/EU/4944.direct/base-Win.MPQ -
> DIRECT/llnw.blizzard.com -

The blizzard.com servers did not produce a response for these requests.
Squid waited almost 18 seconds and nothing came back.

TCP window scaling, ECN, Path-MTU discovery, ICMP blocking are things to
look for here. Any one of them could be breaking the connection from
transmitting or receiving properly.

The rest of the log shows working traffic. Even for battle.net. I
suspect battle.net uses non-80 ports, right? I doubt those are being
intercepted in your setup.

> /var/log/squid3/cache.log
> 2014/08/11 21:51:29| Squid Cache (Version 3.1.20): Exiting normally.
> 2014/08/11 21:53:04| Starting Squid Cache version 3.1.20 for
> x86_64-pc-linux-gnu...

Hmm. Which version of Debian (or derived OS) are you using? And can you
update it to the latest stable? The squid3 package has been at 3.3.8 for
most of a year now.

> 2014/08/11 21:53:04| Process ID 32739
> 2014/08/11 21:53:04| With 65535 file descriptors available
> 2014/08/11 21:53:04| Initializing IP Cache...
> 2014/08/11 21:53:04| DNS Socket created at [::], FD 7
> 2014/08/11 21:53:04| DNS Socket created at 0.0.0.0, FD 8
> 2014/08/11 21:53:04| Adding nameserver 8.8.8.8 from squid.conf
> 2014/08/11 21:53:04| Adding nameserver 8.8.4.4 from squid.conf
> 2014/08/11 21:53:05| Unlinkd pipe opened on FD 13
> 2014/08/11 21:53:05| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2014/08/11 21:53:05| Store logging disabled
> 2014/08/11 21:53:05| Swap maxSize 102400000 + 262144 KB, estimated 7897088
> objects
> 2014/08/11 21:53:05| Target number of buckets: 394854
> 2014/08/11 21:53:05| Using 524288 Store buckets
> 2014/08/11 21:53:05| Max Mem size: 262144 KB
> 2014/08/11 21:53:05| Max Swap size: 102400000 KB
> 2014/08/11 21:53:05| Version 1 of swap file with LFS support detected...
> 2014/08/11 21:53:05| Rebuilding storage in /daten/squid (CLEAN)
> 2014/08/11 21:53:05| Using Least Load store dir selection
> 2014/08/11 21:53:05| Current Directory is /
> 2014/08/11 21:53:05| Loaded Icons.
> 2014/08/11 21:53:05| Accepting intercepted HTTP connections at
> 192.168.0.1:3128, FD 16.
> 2014/08/11 21:53:05| HTCP Disabled.
> 2014/08/11 21:53:05| Squid plugin modules loaded: 0
> 2014/08/11 21:53:05| Adaptation support is off.
> 2014/08/11 21:53:05| Ready to serve requests.
> 2014/08/11 21:53:05| Store rebuilding is 61.06% complete
> 2014/08/11 21:53:05| Done reading /daten/squid swaplog (6707 entries)
<snip>

Okay, storage rebuild completed. That is normally the first thing to
check with Squid being super-slow right after startup. But it seems fine
for now due to being almost empty.

>
> I also upgraded to squid3. Now I get the following info at start:
> [....] Restarting Squid HTTP Proxy 3.x: squid32014/08/11 21:53:04| WARNING:
> (B) '::/0' is a subnetwork of (A) '::/0'
> 2014/08/11 21:53:04| WARNING: because of this '::/0' is ignored to keep
> splay tree searching predictable
> 2014/08/11 21:53:04| WARNING: You should probably remove '::/0' from the ACL
> named 'all'

Remove "acl all src all" from your config file when using squid3. It is
pre-defined.

Amos
Received on Tue Aug 12 2014 - 09:38:49 MDT
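
Added example (not part of the original message, and not Squid project code): a small Python triage script that reads native-format access.log lines and groups, by upstream host, the requests that ended with status 000 and 0 bytes after a long wait, which is the pattern identified in the reply above. The two blizzard.com entries are the ones quoted in the thread, re-joined onto one line each; the third entry and the 5000 ms threshold are assumptions made for the example.

```python
from collections import defaultdict

# Two entries quoted in the thread (re-joined onto single lines) plus one
# constructed entry standing in for ordinary working traffic.
SAMPLE_LOG = """\
1407786051.567 17909 192.168.0.125 TCP_MISS/000 0 GET http://dist.blizzard.com.edgesuite.net/hs-pod/beta/EU/4944.direct/base-Win-deDE.MPQ - DIRECT/dist.blizzard.com.edgesuite.net -
1407786051.567 17909 192.168.0.125 TCP_MISS/000 0 GET http://llnw.blizzard.com/hs-pod/beta/EU/4944.direct/base-Win.MPQ - DIRECT/llnw.blizzard.com -
1407786060.101 212 192.168.0.125 TCP_MISS/200 5120 GET http://example.test/index.html - DIRECT/example.test text/html
"""


def parse_line(line):
    """Split one native-format access.log line into named fields, or None."""
    parts = line.split()
    if len(parts) < 10:
        return None  # wrapped, truncated or non-native-format line
    result, _, status = parts[3].partition("/")
    hierarchy, _, peer = parts[8].partition("/")
    try:
        return {
            "time": float(parts[0]),
            "elapsed_ms": int(parts[1]),
            "client": parts[2],
            "result": result,
            "status": status,
            "bytes": int(parts[4]),
            "method": parts[5],
            "url": parts[6],
            "hierarchy": hierarchy,
            "peer": peer,
        }
    except ValueError:
        return None


def no_response_peers(log_text, min_elapsed_ms=5000):
    """Return {peer: [elapsed_ms, ...]} for requests that got no upstream reply."""
    stalled = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # Status 000 with 0 bytes: no reply was delivered for this request.
        if (entry["status"] == "000" and entry["bytes"] == 0
                and entry["elapsed_ms"] >= min_elapsed_ms):
            stalled[entry["peer"]].append(entry["elapsed_ms"])
    return dict(stalled)


if __name__ == "__main__":
    for peer, waits in sorted(no_response_peers(SAMPLE_LOG).items()):
        print(f"{peer}: {len(waits)} request(s), longest wait {max(waits) / 1000:.1f}s")
```

Hosts reported by this script are the ones to check for the window scaling, ECN, Path-MTU and ICMP issues listed in the reply.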
